From owner-freebsd-security Sun Jun 20 8:45:51 1999 Delivered-To: freebsd-security@freebsd.org Received: from relay.acadiau.ca (relay.acadiau.ca [131.162.2.90]) by hub.freebsd.org (Postfix) with ESMTP id 536BE14E03 for ; Sun, 20 Jun 1999 08:45:48 -0700 (PDT) (envelope-from 026809r@dragon.acadiau.ca) Received: from dragon.acadiau.ca (dragon.acadiau.ca [131.162.1.79]) by relay.acadiau.ca (8.8.5/8.8.5) with ESMTP id MAA01476 for ; Sun, 20 Jun 1999 12:45:42 -0300 (ADT) Received: from localhost (026809r@localhost) by dragon.acadiau.ca (8.8.8+Sun/8.8.8) with ESMTP id MAA13653 for ; Sun, 20 Jun 1999 12:45:40 -0300 (ADT) Date: Sun, 20 Jun 1999 12:45:40 -0300 (ADT) From: Michael Richards <026809r@dragon.acadiau.ca> X-Sender: 026809r@dragon To: freebsd-security@FreeBSD.ORG Subject: Allowing non root users to bind low ports Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org Hi... I was giving this concept a little thought. If I'm not root and I can bind a low port, let's say the telnet port. I could write myself a fake telnet daemon and run it. Sooner or later, someone is going to try using it... This whole thing about non-root users binding to low ports would only be useful if there are no shell accounts on a machine IMO. -Michael To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message